Offensive Cyber Beyond the Usual Suspects

The world’s attention remains focused on Russia’s invasion of Ukraine. Since the start of the conflict, cybersecurity experts and scholars have engaged in a heated debate over the perceived success and failure of cyber operations. Major crises such as this have also resurfaced questions around the role, form, tactics, and narratives that configure what offensive cyber is and how it is enacted.

Our understanding of offensive cyber capabilities is incomplete. The war in Ukraine is a stark reminder that assessments based on the peacetime use of these capabilities do not straightforwardly apply to wartime. The task of assessing cyber capabilities is further complicated by the lack of transparency around these capabilities, diverse institutional arrangements, and the variations in the scale and goals of different states’ cyber organisations.

Another factor contributing to this incomplete view is that much writing on offensive cyber has focused on the same small group of countries identified as cyber powers. This group usually involves the members of the Five Eyes intelligence alliance, particularly the United States and the United Kingdom, along with allies and partners such as France and Israel. China, Russia, Iran, and North Korea are often considered, albeit primarily as US adversaries rather than on their own terms.

A more complete understanding of offensive cyber requires examining how these capabilities are being used beyond this small set of players.

More broadly, understandings of the nature of offensive cyber will vary between actors. As well as being the focus of much of the analysis, countries such as the US and the UK have been the most vocal in outlining their understanding of offensive cyber. However, these definitions can be contested. For example, the distinction in Western military doctrine between cyber and information operations is not universally recognised. Similarly, the US’s conceptualisation of military activity on other states’ networks as ‘defending forward’ would be contested by some observers.

It is not simply a question of how offensive cyber operations are used in other parts of the world – offensive cyber might mean different things to different people.

Reflecting on these and other challenges, The Alert invites contributions from scholars and practitioners thinking about offensive cyber ‘beyond the usual suspects.’ This includes redirecting our present gaze to countries in the global south, ‘small’ countries, and actors other than the state. This work could be empirical – looking at how these capabilities are used – or theoretical, examining how they are understood. 

In addition, The Alert highlights below some of the work on offensive cyber (and cybersecurity more broadly) that is focused on countries beyond the usual focus on the Five Eyes allies and parts of Europe. The list is incomplete – if there are important works that you think we have missed we would be keen to hear from you.

Going ‘beyond the usual suspects’ is an ongoing exercise that extrapolates from niche academic debates. However, it is one that can help practitioners, government officials, and human rights defenders critically assess the deployment of cyber capabilities, devise policy recommendations that speak to different contextual realities, and develop strategies that consider the diverse ways through which offensive cyber can be institutionally consolidated.

Examples of works that go beyond ‘the usual suspects’

Maschmeyer, Lennart, Ronald J. Deibert, and Jon R. Lindsay. “A tale of two cybers - how threat reporting by cybersecurity firms systematically underrepresents threats to civil society.” Journal of Information Technology & Politics 18.1 (2021): 1-20.

Chenou, Jean-Marie. “The contested meanings of cybersecurity: evidence from post-conflict Colombia.” Conflict, Security & Development 21.1 (2021): 1-19.

Shires, James. The Politics of Cybersecurity in the Middle East. Hurst Publishers, 2021.

Uchill, Joe. 2021. ‘Hack-and-Leak for Hire Being Sold as Litigation Assistance’. 16 November 2021.

Valeros, Veronica, et al. “A study of Machete cyber espionage operations in Latin America.” Virus Bulletin International Conference. 2019.

Schulze, Matthias, and Sven Herpig. “Germany Develops Offensive Cyber Capabilities Without a Coherent Strategy of What to Do With Them.” Council on Foreign Relations 3 (2018): 18.

Hurel, Louise Marie. “Beyond the Great Powers: Challenges for Understanding Cyber Operations in Latin America.” Global Security Review 2.1 (2022): 7.

One response to “Offensive Cyber Beyond the Usual Suspects”

  1. […] insurance industry is far from a “usual suspect” when it comes to offensive cyber operations. Insurers are neither belligerents, targets nor […]

